High severity8.8NVD Advisory· Published Oct 16, 2018· Updated Jun 17, 2026
CVE-2018-18382
CVE-2018-18382
Description
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.6
Patches
Vulnerability mechanics
References
1- www.exploit-db.com/exploits/45604/nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.